| Commitments and Contingencies | Commitments and Contingencies Indemnifications In the ordinary course of business, we may provide indemnifications of varying scope and terms to customers, vendors, lessors, business partners, subsidiaries and other parties with respect to certain matters, including, but not limited to, product warranties and losses arising out of our breach of agreements or representations and warranties made by us, including claims alleging that our software infringes on the intellectual property rights of a third party. In addition, our bylaws contain indemnification obligations to our directors, officers, employees, and agents, and we have entered into indemnification agreements with our directors and certain of our officers to give such directors and officers additional contractual assurances regarding the scope of the indemnification set forth in our bylaws and to provide additional procedural protections. We maintain director and officer insurance, which may cover certain liabilities arising from our obligation to indemnify our directors and officers. It is not possible to determine the aggregate maximum potential loss under these indemnification agreements due to the limited history of prior indemnification claims and the unique facts and circumstances involved in each particular agreement. Such indemnification agreements might not be subject to maximum loss clauses. We monitor the conditions that are subject to indemnification to identify if a loss has occurred. Historically, we have not incurred material costs as a result of obligations under these agreements, and we have not accrued any material liabilities related to such indemnification obligations in our Condensed Consolidated Financial Statements. In connection with the sale of our Enterprise Security business to Broadcom, we assigned several leases to Broadcom or certain of its subsidiaries. As a condition to consenting to the assignments, certain lessors required us to agree to indemnify the lessor under the applicable lease with respect to certain matters, including, but not limited to, losses arising out of Broadcom’s or such subsidiaries’ breach of payment obligations under the terms of such lease. As with our other indemnification obligations discussed above and in general, it is not possible to determine the aggregate maximum potential loss under these indemnification agreements due to the limited history of prior indemnification claims and the unique facts and circumstances involved in each particular agreement. As with our other indemnification obligations, such indemnification agreements might not be subject to maximum loss clauses, and to date, generally under our real estate obligations, we have not incurred material costs as a result of such obligations under our leases and have not accrued any liabilities related to such indemnification obligations in our Condensed Consolidated Financial Statements. Litigation contingencies Trustees of the University of Columbia in the City of New York v. NortonLifeLock As previously disclosed in our public filings, on May 2, 2022, a jury returned its verdict in a patent infringement case filed in 2013 by the Trustees of Columbia University in the City of New York (Columbia) in the U.S. District Court for the Eastern District of Virginia. Columbia originally brought suit alleging infringement of six patents owned by the university. We won a favorable claim construction order on all six patents, and the claim construction was upheld by the Federal Circuit in 2016 on all but U.S. Patent Nos. 8,601,322 and 8,074,115. We also sought inter partes review by the Patent Trial and Appeal Board of the claims of the ‘322 and ‘115 Patents and all but two claims of the ‘322 Patent and three claims of the ‘115 Patent were invalidated. The remaining claims of the ‘322 and ‘115 Patents were the only claims that remained in suit at trial. The jury found that our Norton Security products and Symantec Endpoint Protection products (the latter of which were sold by us to Broadcom as part of an Asset Purchase Agreement dated November 4, 2019) willfully infringe the ‘322 and ‘115 Patents through the use of SONAR/BASH behavioral protection technology. The jury awarded damages in the amount of $185 million. Columbia did not seek injunctive relief against us. We intend to cease use of the technology found by the jury to infringe. The jury also found that we did not fraudulently conceal its prosecution of U.S. Patent No. 8,549,643 but did find that two Columbia professors were coinventors of this patent. No damages were awarded related to this patent. A formal judgment has not yet been entered in the case. Post-verdict motions have been filed, and we intend to file an appeal challenging the verdict. At this time, our current estimate of the low end of the range of probable estimated losses from this matter is approximately $234 million, reflecting the jury award and prejudgment interest, which we have accrued. The jury’s verdict may be enhanced and, should it be upheld on appeal, could ultimately result in the payment of somewhere between one and three times the jury’s verdict, plus interest and attorneys’ fees. There is a reasonable possibility that a loss may be incurred in excess of our accrual for this matter; however, such loss cannot be reasonably estimated. Securities Class Action and Derivative Litigation Securities class action lawsuits, which have since been consolidated, were filed in May 2018 against us and certain of our former officers, in the U.S. District Court for the Northern District of California. The lead plaintiff’s consolidated amended complaint alleged that, during a purported class period of May 11, 2017 to August 2, 2018, defendants made false and misleading statements in violation of Sections 10(b) and 20(a), and that certain individuals violated Section 20A, of the Securities Exchange Act of 1934, as amended (the Exchange Act). Defendants filed motions to dismiss, which the Court granted in an order dated June 14, 2019. Pursuant to that order, plaintiff filed a motion seeking leave to amend and a proposed first amended complaint on July 11, 2019. The Court granted the motion in part on October 2, 2019, and the first amended complaint was filed on October 11, 2019. The Court’s order dismissed certain claims against certain of our former officers. Defendants filed answers on November 7, 2019. On April 20, 2021, to resolve an alleged conflict of interest raised with respect to the lead plaintiff and its counsel, the Court ordered a second Class Notice disclosing the circumstances of the alleged conflict and providing a further period for class members to opt out, which closed on July 2, 2021. The initial class opt out period closed on August 25, 2020. On May 24, 2021, the parties reached a proposed settlement and release of all claims in the class action, for $70 million, and on June 8, 2021, the parties executed a Stipulation and Agreement of Settlement, subject to Court approval and exclusive of any claims that may be brought by shareholders who opted out of the class action. Of the $70 million, $67.1 million was covered under the applicable insurance policy with the remainder to be paid by us. The Court approved the settlement on February 12, 2022. On November 22, 2021, investment funds managed by Orbis Investment Management Ltd. which previously opted out of the securities class action, filed suit under the Exchange Act of 1934, the Arizona Securities Act, the Arizona Consumer Fraud Act and certain common law causes of action to recover alleged damages for losses incurred by the funds for their purchases or acquisitions of our common stock during the class period. In the fourth quarter of fiscal 2022, we made an immaterial settlement offer in this matter, for which we have accrued. Our Motion to Dismiss is now pending. Purported shareholder derivative lawsuits have been filed against us and certain of our former officers and current and former directors in the Delaware Court of Chancery ( In re Symantec Corp. S’holder. Deriv. Litig. ), Northern District of California ( Lee v. Clark et al., ), and the District of Delaware ( Milliken vs. Clark et al. ). These assert generally the same facts and circumstances as alleged in the securities class action and alleging claims for breach of fiduciary duty and related claims. On January 4, 2023, after reaching an agreement on the terms of the proposed settlement including a payment of $12 million by the Company’s D&O insurers to the Chancery plaintiffs, the parties to the Chancery action filed a Stipulation and Agreement of Settlement, Compromise and Release in that Court, which if approved by the Court will extinguish all claims in the Chancery, Lee , and Milliken actions. On January 10, 2023, the Court entered a scheduling order regarding the settlement notice, objection and approval process. Under the scheduling order, the Company will provide notice of the settlement to current stockholders, and stockholders will have until March 24, 2023, to lodge objections to the settlement. The Lee action has been stayed pending the settlement hearing in the Chancery Court. A fourth lawsuit filed in the Delaware Superior Court, Kukard v. Symantec , brings claims derivatively on behalf of our 2008 Employee Stock Purchase Plan. Motions to Dismiss are on file and fully briefed in the Lee , Milliken and Kukard actions. No specific amount of damages has been alleged in these lawsuits. We have also received demands from purported stockholders to inspect corporate books and records under Delaware law. At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible as a result of the derivative lawsuits or estimate the range of any potential loss. We will continue to incur legal fees in connection with these pending cases and demands, including expenses for the reimbursement of legal fees of present and former officers and directors under indemnification obligations. The expense of continuing to defend such litigation may be significant. We intend to defend these lawsuits vigorously, but there can be no assurance that we will be successful in any defense. If any of the lawsuits are decided adversely, we may be liable for significant damages directly or under our indemnification obligations, which could adversely affect our business, results of operations, and cash flows. GSA During the first quarter of fiscal 2013, we were advised by the Commercial Litigation Branch of the Department of Justice’s (DOJ) Civil Division and the Civil Division of the U.S. Attorney’s Office for the District of Columbia that the government is investigating our compliance with certain provisions of our U.S. General Services Administration (GSA) Multiple Award Schedule Contract No. GS-35F-0240T effective January 24, 2007, including provisions relating to pricing, country of origin, accessibility, and the disclosure of commercial sales practices. As reported on the GSA’s publicly-available database, our total sales under the GSA Schedule contract were approximately $222 million from the period beginning January 2007 and ending September 2012. We fully cooperated with the government throughout its investigation, and in January 2014, representatives of the government indicated that their initial analysis of our actual damages exposure from direct government sales under the GSA Schedule contract was approximately $145 million; since the initial meeting, the government’s analysis of our potential damages exposure relating to direct sales has increased. The government also indicated they would pursue claims for certain sales to California, Florida, and New York as well as sales to the federal government through reseller GSA Schedule contracts, which could significantly increase our potential damages exposure. In 2012, a sealed civil lawsuit was filed against us related to compliance with the GSA Schedule contract and contracts with California, Florida, and New York. On July 18, 2014, the Court-imposed seal expired, and the government intervened in the lawsuit. On September 16, 2014, the states of California and Florida intervened in the lawsuit, and the state of New York notified the Court that it would not intervene. On October 3, 2014, the DOJ filed an amended complaint, which did not state a specific damages amount. On October 17, 2014, California and Florida combined their claims with those of the DOJ and the relator on behalf of New York in an Omnibus Complaint, and a First Amended Omnibus Complaint was filed on October 8, 2015; the state claims also do not state specific damages amounts. On June 6, 2019, we filed a motion seeking summary judgment on all claims asserted by all plaintiffs, and the plaintiffs filed a motion for partial summary judgment on elements of liability on their claims. On October 21, 2019, the DOJ moved for a Prejudgment Writ of Sequestration for us to set aside $1,090 million to pay a judgment, should the United States prevail in this litigation, under the Federal Debt Collection Procedures Act. The Writ was sought in response to our announcement of our plans to distribute the after-tax proceeds of the sale of the Symantec enterprise business to Broadcom to our shareholders via a special dividend. The Court denied the Writ on December 12, 2019, on the basis of the government’s failure to establish the “probable validity” of the debt, the amount sought to be sequestered, and our available cash, cash equivalents and short-term investments. The Court permitted the DOJ limited discovery of facts relevant to our financial state and financial projections and the option to renew its motion if appropriate and supported by the analysis of its own financial expert. That discovery period has now closed. On March 30, 2020, the Court issued an Order granting in part and denying in part our motion for summary judgment and granting in part and denying in part the United States’ motion for partial summary judgment. On September 30, 2020, we filed a Motion for Reconsideration of certain rulings in the Court’s March 30 Summary Judgment Order. A second Motion for Reconsideration of certain rulings in the Summary Judgement Order based on significant change in the law was filed on July 23, 2021. Both Motions for Reconsideration were denied. Court ordered mediations in July 2020 and February 2021 were not successful. On March 23, 2021, Plaintiffs withdrew their demand for a jury trial and we consented to proceed with a bench trial, which concluded on March 24, 2022. On January 19, 2023, the Court issued its Findings of Facts and Conclusions of Law in which it found in favor of the United States in part and awarded damages and penalties in the amount of $1.3 million. The Court also found in favor of the State of California in part and awarded penalties in the amount of $0.4 million. The resulting Judgment was filed by the Court on January 20, 2023. At this time, we are considering whether to appeal the Court’s decision. Plaintiffs have not yet indicated if they intend to appeal. On May 13, 2021, we reached a settlement in principle with the State of Florida to resolve all claims it asserted in the litigation for $0.5 million, plus the relator’s statutory attorney’s fees with respect to the State of Florida’s claims. On February 28, 2022, we reached a settlement in principle with the State of New York and the relator to resolve all of the New York claims asserted in the litigation for $5 million. At this time, our current estimate of the low end of the range of probable estimated losses from this matter was reduced to $3 million, inclusive of the judgment and potential related awards, which we have accrued. It is possible that an appeal of the Court’s judgment by the Plaintiffs, if brought, could lead to further claims or findings of violations of the False Claims Act and could be material to our results of operations and cash flows for any period. Resolution of False Claims Act investigations can ultimately result in the payment of somewhere between one and three times the actual damages proven by the government, plus civil penalties. There is a reasonable possibility that a loss may have been incurred in excess of our accrual for this matter; however, such loss cannot be reasonably estimated. Jumpshot Matters At the end of 2019, Avast came under media scrutiny for provision of Avast customer data to its data analytics subsidiary Jumpshot Inc. Jumpshot was a subsidiary of Avast with its own management team and technical experts. Avast announced the decision to terminate its provision of data to, and wind down, Jumpshot on January 30, 2020. As Avast has previously disclosed, it has been in communication with certain regulators and authorities prior to completion of the Merger, and we will continue cooperating fully in respect of all regulatory enquiries. On December 23, 2019, the United States Federal Trade Commission (FTC) issued a Civil Investigative Demand (CID) to Avast seeking documents and information related to its privacy practices, including Jumpshot's past use of consumer information that was provided to it by Avast. Avast responded cooperatively to the CID and related follow-up requests from the FTC. On October 29, 2021, staff at the FTC sent Avast a draft complaint and proposed settlement order. We have been engaged in ongoing negotiations with the FTC staff regarding the scope and terms of the proposed settlement. Any negotiated settlement with the FTC, or absent settlement, any litigation or other legal proceeding between us and the FTC could result in material monetary remedies and/or compliance requirements that impose significant and material cost and resource burdens on us, and may impact our ability to use data in the future. There can be no assurance that we will be successful in negotiating a favorable settlement or in litigation. Any remedies or compliance requirements could adversely affect our ability to operate our business or have a materially adverse impact on our financial results. At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible as a result of this investigation or estimate the range of any potential loss. On February 27, 2020, the Czech Office for Personal Data Protection (the Czech DPA) initiated offense proceedings concerning Avast`s practices with respect to Jumpshot, which remain ongoing and we continue to evaluate our options. In addition, we received a letter and notification before action from Stichting CUIC – Privacy Foundation for Collective Redress, a Dutch foundation (the Foundation). The Foundation has asserted it represents the interests of Avast customers in the Netherlands whose data was provided to Jumpshot and that by doing so Avast violated the requirements of the GDPR and other provisions in Dutch and European Union privacy and consumer law entitling those customers to damages and other compensation, all of which we dispute. No specific amount of damages has been alleged and to date, no action has been filed. At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible as a result of this notification before action or estimate the range of any potential loss. On December 12, 2022, a putative class action, Lau v. Gen Digital Inc. and Jumpshot Inc ., was filed in the Northern District of California alleging violations of the Electronic Communications Privacy Act, California Invasion of Privacy Act, statutory larceny, unfair competition and various common law claims related to the provision of customer data to Jumpshot. At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible as a result of this action or estimate the range of any potential loss. We dispute these claims and intend to defend them vigorously. The outcome of the regulatory proceedings, government enforcement actions and litigation is difficult to predict, and the cost to defend, settle or otherwise resolve these matters may be significant. Plaintiffs or regulatory agencies or authorities in these matters may seek recovery of large or indeterminate amounts or seek to impose sanctions, including significant monetary penalties, as well as equitable relief. The monetary and other impact of these litigations, proceedings or actions may remain unknown for substantial periods of time. Further, an unfavorable resolution of litigations, proceedings or actions could have a material adverse effect on our business, financial condition, and results of operations and cash flows. The amount of time that will be required to resolve these matters is unpredictable, and these matters may divert management’s attention from the day-to-day operations of our business. Any future investigations or additional lawsuits may also adversely affect our business, financial condition, results of operations and cash flows. Other We are involved in a number of other judicial and administrative proceedings that are incidental to our business. Although adverse decisions (or settlements) may occur in one or more of the cases, it is not possible to estimate the possible loss or losses from each of these cases. The final resolution of these lawsuits, individually or in the aggregate, is not expected to have a material adverse effect on our business, results of operations, financial condition or cash flows. |
